vendor/pimcore/portal-engine/src/Controller/AuthController.php line 41

Open in your IDE?
  1. <?php
  3. /**
  4.  * Pimcore
  5.  *
  6.  * This source file is available under following license:
  7.  * - Pimcore Commercial License (PCL)
  8.  *
  9.  *  @copyright  Copyright (c) Pimcore GmbH (http://www.pimcore.org)
  10.  *  @license    http://www.pimcore.org/license     PCL
  11.  */
  13. namespace Pimcore\Bundle\PortalEngineBundle\Controller;
  15. use GuzzleHttp\ClientInterface;
  16. use Pimcore\Bundle\OpenIdConnectBundle\Client\Provider\OpenIdConnectProvider;
  17. use Pimcore\Bundle\OpenIdConnectBundle\Session\Configurator;
  18. use Pimcore\Bundle\PortalEngineBundle\Exception\OutputErrorException;
  19. use Pimcore\Bundle\PortalEngineBundle\Form\LoginForm;
  20. use Pimcore\Bundle\PortalEngineBundle\Form\RecoverPasswordForm;
  21. use Pimcore\Bundle\PortalEngineBundle\Model\View\Notification;
  22. use Pimcore\Bundle\PortalEngineBundle\Service\Content\HeadTitleService;
  23. use Pimcore\Bundle\PortalEngineBundle\Service\Frontend\FrontendNotificationService;
  24. use Pimcore\Bundle\PortalEngineBundle\Service\PortalConfig\PortalConfigService;
  25. use Pimcore\Bundle\PortalEngineBundle\Service\Security\Authentication\OpenIdConnectAuthenticator;
  26. use Pimcore\Bundle\PortalEngineBundle\Service\Security\Authentication\User\PasswordChangeableService;
  27. use Pimcore\Bundle\PortalEngineBundle\Service\Security\Authentication\User\RecoverPasswordService;
  28. use Pimcore\Tool;
  29. use Symfony\Component\Form\FormFactoryInterface;
  30. use Symfony\Component\Form\FormInterface;
  31. use Symfony\Component\HttpFoundation\Request;
  32. use Symfony\Component\HttpFoundation\Session\Attribute\NamespacedAttributeBag;
  33. use Symfony\Component\HttpKernel\Exception\NotFoundHttpException;
  34. use Symfony\Component\Routing\Annotation\Route;
  35. use Symfony\Contracts\Translation\LocaleAwareInterface;
  36. use Symfony\Contracts\Translation\TranslatorInterface;
  38. /**
  39.  * @Route("/auth", condition="request.attributes.get('isPortalEngineSite')")
  40.  */
  41. class AuthController extends AbstractSiteController
  42. {
  43.     protected ClientInterface $httpClient;
  45.     /**
  46.      * @param ClientInterface $httpClient
  47.      */
  48.     public function __construct(ClientInterface $httpClient)
  49.     {
  50.         $this->httpClient $httpClient;
  51.     }
  53.     /**
  54.      * @Route("/login",
  55.      *     name="pimcore_portalengine_auth_login"
  56.      * )
  57.      */
  58.     public function loginAction(Request $requestFormFactoryInterface $formFactoryHeadTitleService $headTitleServiceTranslatorInterface $translatorPortalConfigService $portalConfigServicePasswordChangeableService $passwordChangeableService)
  59.     {
  60.         /** @var string $locale */
  61.         $locale $request->getPreferredLanguage(Tool::getValidLanguages());
  62.         if ($translator instanceof LocaleAwareInterface) {
  63.             $translator->setLocale($locale);
  64.         }
  65.         $request->setLocale($locale);
  67.         $portalName $portalConfigService->getPortalName();
  68.         $oidcProviders $portalConfigService->getCurrentPortalConfig()->getOidcConfigs();
  69.         $headTitleService->setTitle($translator->trans('portal-engine.content.title.auth-login', ['%name%' => $portalName]));
  71.         $loginForm $formFactory->create(LoginForm::class);
  73.         return $this->renderTemplate('@PimcorePortalEngine/auth/login.html.twig', [
  74.             'form' => $loginForm->createView(),
  75.             'loginFailed' => (bool)$request->query->get('loginFailed'),
  76.             'portalName' => $portalName,
  77.             'oidcProviderNames' => array_keys($oidcProviders),
  78.             'showRecoverPassword' => $passwordChangeableService->isPasswordChangeable()
  79.         ]);
  80.     }
  82.     /**
  83.      * @Route("/logout",
  84.      *     name="pimcore_portalengine_auth_logout"
  85.      * )
  86.      */
  87.     public function logoutAction(Request $request)
  88.     {
  89.         return $this->redirectToRoute('pimcore_portalengine_auth_login');
  90.     }
  92.     /**
  93.      * @Route("/recover-password",
  94.      *     name="pimcore_portalengine_auth_recover_password"
  95.      * )
  96.      */
  97.     public function recoverPasswordAction(Request $requestTranslatorInterface $translatorFormFactoryInterface $formFactoryFrontendNotificationService $frontendNotificationServiceRecoverPasswordService $recoverPasswordServicePasswordChangeableService $passwordChangeableServiceHeadTitleService $headTitleService)
  98.     {
  99.         if (!$passwordChangeableService->isPasswordChangeable()) {
  100.             throw new NotFoundHttpException('password not changeable');
  101.         }
  103.         /** @var string $locale */
  104.         $locale $request->getPreferredLanguage(Tool::getValidLanguages());
  105.         if ($translator instanceof LocaleAwareInterface) {
  106.             $translator->setLocale($locale);
  107.         }
  108.         $request->setLocale($locale);
  110.         $headTitleService->setTitle($translator->trans('portal-engine.content.title.auth-recover-password'));
  112.         /** @var FormInterface $recoverPasswordForm */
  113.         $recoverPasswordForm $formFactory
  114.             ->create(RecoverPasswordForm::class)
  115.             ->handleRequest($request);
  117.         if ($request->isMethod(Request::METHOD_POST) && $recoverPasswordForm->isSubmitted() && $recoverPasswordForm->isValid()) {
  118.             try {
  119.                 /** @var string $userIdentifier */
  120.                 $userIdentifier = (string)$recoverPasswordForm->get('userIdentifier')->getData();
  121.                 if (empty($userIdentifier)) {
  122.                     throw new OutputErrorException($translator->trans('portal-engine.auth.user-not-found'));
  123.                 }
  125.                 $recoverPasswordService->recoverPassword($userIdentifier);
  127.                 $frontendNotificationService
  128.                     ->addNotification($translator->trans('portal-engine.auth.password-recover-email'), Notification::HTML_CLASS_SUCCESS);
  129.             } catch (\Exception $e) {
  130.                 if ($e instanceof OutputErrorException) {
  131.                     $frontendNotificationService->addNotification($e->getMessage(), Notification::HTML_CLASS_DANGER);
  132.                 }
  133.             }
  134.         }
  136.         return $this->renderTemplate('@PimcorePortalEngine/auth/recover_password.html.twig', [
  137.             'recoverPasswordForm' => $recoverPasswordForm->createView(),
  138.             'notification' => $frontendNotificationService->getNotification()
  139.         ]);
  140.     }
  142.     /**
  143.      * @Route("/oidc/endpoint",
  144.      *     name="pimcore_portalengine_auth_oidc"
  145.      * )
  146.      */
  147.     public function oidcAction(Request $requestPortalConfigService $portalConfigService)
  148.     {
  149.         if (!class_exists('Pimcore\\Bundle\\OpenIdConnectBundle\\PimcoreOpenIdConnectBundle')) {
  150.             throw new \Exception('OpenID Connect Bundle not available');
  151.         }
  153.         if ($request->get('error')) {
  154.             throw new \Exception(strip_tags($request->get('error')) . ': ' strip_tags($request->get('error_description')));
  155.         }
  157.         $portalConfig $portalConfigService->getCurrentPortalConfig();
  159.         $session $request->getSession();
  161.         /** @var NamespacedAttributeBag $sessionBag */
  162.         $sessionBag $session->getBag(Configurator::SESSION_BAG_NAME); // @phpstan-ignore-line
  164.         // if coming back from provider, use provider from session
  165.         if ($request->get('code')) {
  166.             $providerName $sessionBag->get(OpenIdConnectAuthenticator::SESSION_KEY_PROVIDER);
  167.         } else {
  168.             $providerName $request->get('provider');
  169.             $sessionBag->set(OpenIdConnectAuthenticator::SESSION_KEY_PROVIDER$providerName);
  170.         }
  172.         $oidcConfig $portalConfig->getOidcConfig($providerName);
  173.         if (empty($oidcConfig)) {
  174.             throw new \InvalidArgumentException(sprintf('Provider `%s` unknown.'strip_tags($request->get('provider'))));
  175.         }
  177.         $provider = new OpenIdConnectProvider([   // @phpstan-ignore-line
  178.             'clientId' => $oidcConfig->getClientId(),
  179.             'clientSecret' => $oidcConfig->getClientSecret(),
  180.             'urlDiscovery' => $oidcConfig->getDiscoveryUrl(),
  181.             'redirectUri' => $request->getSchemeAndHttpHost() . $request->getPathInfo(),
  182.             'scopes' => $oidcConfig->getScopes()
  183.         ]);
  184.         $provider->setHttpClient($this->httpClient); // @phpstan-ignore-line
  186.         if (!$request->get('code')) {
  188.             // If we don't have an authorization code then get one
  189.             $authUrl $provider->getAuthorizationUrl(); // @phpstan-ignore-line
  190.             $sessionBag->set(OpenIdConnectAuthenticator::SESSION_KEY_STATE$provider->getState()); // @phpstan-ignore-line
  192.             return $this->redirect($authUrl);
  193.         } elseif (!$request->get('state') || ($request->get('state') !== $sessionBag->get('oauth2state'))) {
  194.             // Check given state against previously stored one to mitigate CSRF attack
  195.             $sessionBag->remove(OpenIdConnectAuthenticator::SESSION_KEY_STATE);
  196.             throw new \Exception('Invalid state');
  197.         }
  199.         return $this->redirectToRoute('pimcore_portalengine_auth_login');
  200.     }
  201. }